GHSA-77h3-w9rx-hj3q – scratchpad

Package

Manager: cargo
Name: scratchpad
Vulnerable Version: >=0 <=1.3.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

EPSS: N/A pctlN/A

Details

User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows The `get` and `set` methods of the public trait `scratchpad::Tracking` interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the assumption that the crate upholds all safety guarantees. This becomes problematic because even safe implementations of `get` and `set`-written without using any unsafe code-can still result in ill-formed raw pointers. These pointers may later be dereferenced within safe APIs of the crate (e.g., `marker::MarkerBack::allocate_slice_copy`), potentially leading to arbitrary memory access or heap buffer overflows. According to the [penultimate commit](https://github.com/okready/scratchpad/commit/957dee1a3902f48600b06910e8e0b1d5ee7dab83), the crate is in maintenance mode awaiting a cleanup that will reduce the area of unsafe code. Note that the last commits to the repository are from 4 years ago.

Metadata

Created: 2025-08-14T22:23:02Z
Modified: 2025-08-14T22:23:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-77h3-w9rx-hj3q/GHSA-77h3-w9rx-hj3q.json
CWE IDs: ["CWE-122"]
Alternative ID: N/A
Finding: F184
Auto approve: 1